Ask the Expert

Getting your career in infrastructure security started

I have six years of IT experience working with Microsoft servers. I am very interested in IT infrastructure security. Where should I start? I am a MCSA.

    Requires Free Membership to View

The foundation of knowledge that you have on Microsoft servers will be somewhat helpful as you start moving toward a security role. You do need a broader background in areas like network operations and desktop support. So you'll need to bone up on your networking skills and learn about defenses such as firewalls, VPNs and network intrusion prevention systems (NIPS).

You may already know a bit about these product categories via your work in the data center, but understanding the network attack vectors and, most importantly, the way to isolate and remediate exposures and attacks, is a bit different. There are really two ways to get this kind of understanding.

First, you can learn in the school of hard knocks. That means you basically ask for a transfer to your company's security team and start at the bottom. You'll likely be configuring firewalls and NIPS boxes, troubleshooting VPN issues, and maybe even looking over some log data to try to spot an attack and defend against it.

The other way is to go take some training courses. I suggest reading a lot (some of's Security Schools can certainly help provide an understanding of the vernacular) and also look into formal training, like that offered by organizations such as SANS and Security University. These courses offer a good base in introductory topics, which will start your journey with the right foundation.

I also suggest specializing fairly early in your education. A base of knowledge is essential, but then focusing on something like data center or server security could be a good choice, given your background already. There are hot topics like virtualization security that will require specialized knowledge in the future, and you are well-positioned to serve that need.

Other areas of potential specialization could include SOA security or Web application security, depending on what those Microsoft servers you were managing are actually doing.

For more information:

  • Learn best practices for landing a role in the security management field.
  • In this tip, security practitioners reveal what you should know when pursuing an information security career.
  • This was first published in December 2007

    There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: